Running Docker Swarm in rootless mode?

The question was asked in 2000, but maybe something changed.

I am always looking to improve our security, and I recently read again about how much safer Docker rootless is. Has anyone had experience with running Docker Swarm in rootless mode?

I found this bit of information (doc):

The following features are not supported:
  • AppArmor
  • Checkpoint
  • Overlay network

That sounds like a deal breaker; how should services/containers talk to each other across nodes without an overlay network?

I don’t think that will ever change. Creating an overlay network or manipulating the network in any way requires root privileges, which you don’t have, because that’s the point of rootless Docker. Rootless Docker has two main benefits.

  • The root user in the container does not have root privileges on the host.
  • You can mount something from your host to the container as a non-root user and have it inside the container as root which is useful during development.

If you really want to have multiple nodes, you need to run Docker as root. You can still use user namespaces to have a root user in the container which is not root on the host. I don’t frequently use Swarm, but I don’t see why that would not work.
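As an added example (not code from the thread), a small check a defender can run to tell which of the three daemon setups discussed above is in use: rootless, root with user-namespace remapping, or root without remapping. It assumes that `docker info` lists `name=rootless` and `name=userns` in its SecurityOptions for the first two cases and that the `userns-remap` daemon.json key enables remapping; the sample strings are constructed, not captured from a real host.

```shell
#!/bin/sh
# Classify how a Docker daemon separates container root from host root,
# based on the SecurityOptions list that
#   docker info --format '{{join .SecurityOptions ","}}'
# prints. Markers (assumed from Docker's docker info output):
#   name=rootless -> rootless daemon: no overlay network, so no multi-node Swarm
#   name=userns   -> root daemon with userns-remap: container root != host root
#   neither       -> root daemon without remap: container root == host root
classify_daemon() {
    case "$1" in
        *name=rootless*) echo "rootless" ;;
        *name=userns*)   echo "userns-remap" ;;
        *)               echo "root-no-remap" ;;
    esac
}

# Swarm overlay networking needs a root daemon; returns 0 when available.
swarm_overlay_supported() {
    [ "$(classify_daemon "$1")" != "rootless" ]
}

# daemon.json enabling userns-remap on a root daemon. Written to the path
# given as $1 (use a temp file to inspect; /etc/docker/daemon.json on a host).
write_userns_config() {
    cat > "$1" <<'EOF'
{
  "userns-remap": "default"
}
EOF
}

# Constructed sample outputs for offline use.
SAMPLE_ROOTLESS="name=seccomp,profile=builtin,name=rootless,name=cgroupns"
SAMPLE_USERNS="name=apparmor,name=seccomp,profile=builtin,name=userns,name=cgroupns"

if [ "${1:-}" = "--live" ]; then
    live=$(docker info --format '{{join .SecurityOptions ","}}')
    echo "live daemon: $(classify_daemon "$live")"
else
    echo "sample rootless: $(classify_daemon "$SAMPLE_ROOTLESS")"
    echo "sample userns:   $(classify_daemon "$SAMPLE_USERNS")"
fi
```

Run with `--live` on a host with Docker installed to classify the real daemon; without arguments it only evaluates the constructed samples.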
